On Thursday, September 20, 2018, Stefan Ring <stefan...@gmail.com> wrote:
> On Tue, Sep 18, 2018 at 8:38 AM INADA Naoki <songofaca...@gmail.com> > wrote: > > > I think this topic should split to two topics: (1) Guard Python > > process from Spectre/Meltdown > > attack from other process, (2) Prohibit Python code attack other > > processes by using > > Spectre/Meltdown. > > (3) Guard Python from performance degradation by overly aggressive > Spectre "mitigation". > Spectre has the potential of having a greater impact on cloud providers than Meltdown. Whereas Meltdown allows unauthorized applications to read from privileged memory to obtain sensitive data from processes running on the same cloud server, Spectre can allow malicious programs to induce a hypervisor to transmit the data to a guest system running on top of it. - Private SSL certs - Cached keys and passwords in non-zeroed RAM - [...] https://en.wikipedia.org/wiki/Spectre_(security_vulnerability) I really shouldn't need to apologise for bringing this up here. Here's one: https://github.com/Eugnis/spectre-attack/blob/master/Source.c Is this too slow in CPython with: - Coroutines (asyncio (tulip)) - PyPy JIT * - Numba JIT * - C Extensions * - Cython * * Not anyone here's problem.
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
